DistroWatch Weekly, Issue 337

This week in DistroWatch Weekly:

  • Reviews: A first look at Jibbed 5.0.1 (a NetBSD live CD)
  • News: Fedora Community Remix, Mandriva "Cooker" updates, Dreamlinux future, Arch Linux interview
  • Questions and answers: In search of "better" applications
  • Statistics: Online CD, DVD and USB media sales
  • Released last week: BackTrack 4, Pardus Linux 2009.1
  • New distributions: Android-x86, Puredyne, Zen-mini
  • Reader comments

Read more in this week's issue of DistroWatch Weekly...

More in Tux Machines

Debian and Ubuntu

Development: JavaScript, PHP, and GCC

  • 10 JavaScript concepts every Node.js programmer must master
    With JavaScript and the V8 engine at the core, an event-driven architecture, and scalability out of the box, Node.js has quickly become the new de facto standard for creating web applications and SaaS products. Many frameworks like Express, Sails, and Socket.IO enable users to quickly bootstrap applications and focus only on the business logic.
  • PHP Tour - Nantes 2017
    As for every AFUP event, organization was perfect, and I was able to meet a lot of developers and PHP users.
  • More OpenACC 2.5 Code Lands In GCC
    More code for supporting the OpenACC 2.5 specification has been landing in mainline GCC.
  • D Language Front-End Proposed For GCC 8, 800k Lines of Code
    A set of 13 patches amounting to nearly 800k lines of new code were sent out Sunday morning for adding a D language front-end to the GNU Compiler Collection (GCC).

Security Leftovers

  • Researchers find Android design defects that allow attacks

    The researchers — Yanick Fratantonio of the University of California, and Chenxiong Qian, Simon Pak Ho Chung and Wenke Lee, all from the Georgia Institute of Technology — called it a Cloak and Dagger attack as it happened without the owner of the smartphone being aware that any attack had taken place.

    The attack does not exploit any vulnerability, but takes advantage of two permissions that are allowed for apps to use certain features on Android.

  • The internet of unreliable and broken things
    Fine, the current process is rocky. Some of that is that it’s not matured yet (Alexa, when did Vincent Price die? No, not “play vincent price die”, not “christ die”, not “do you speak some price dead”, you stupid pile of undocumented microchips!) Some of it is that basically every large company underestimates how much people’s accounts are set up incorrectly or incompletely; after all, employees have everything set up right, because they know what they’re doing, and so this never comes up in testing. Some of it is because I’m joining dots on three or four very different puzzles: I’m sure if I were to get a Google Home and use Google Mail to send my shopping list to Google Keep and then buy things from Google Shopping, or if I were to get some theoretical Home Siri device and play music from my Apple account and put things in my Apple iCloud account… then all this would be a lot more seamless. But you should beware people who proclaim that technology would be easy if all us heathens were just to renounce our diverse needs and join their true faith. Mastery goes to the designer who can cope with us real people, in all our glittering and varied patterns and colours and desires. Not just the ones who take the easy way out and block you if you haven’t already bought all the rest of your stuff from them too.
  • 9 Ways Organizations Sabotage Their Own Security: Lessons from the Verizon DBIR
    Datasets from the recent Verizon 2017 Data Breach Investigations Report (DBIR) show that some security teams still may be operating under false assumptions regarding what it takes to keep their organizations secure. For starters, the same security standards don't apply across all vertical industries, says Suzanne Widup, a senior consultant for the Verizon RISK Team and co-author of the Verizon DBIR.
  • “Yahoobleed” flaw leaked private e-mail attachments and credentials
  • Web Developer Security Checklist
    If you have drunk the MVP Kool-Aid and believe that you can create a product in one month that is both valuable and secure — think twice before you launch your “proto-product”. After you review the checklist below, acknowledge that you are skipping many of these critical security issues. At the very minimum, be honest with your potential users and let them know that you don’t have a complete product yet and are offering a prototype without full security.
  • Obstacles to the Adoption of Secure Communication Tools

    [...] we interviewed 60 participants about their experience with different communication tools and their perceptions of the tools' security properties. We found that the adoption of secure communication tools is hindered by fragmented user bases and incompatible tools. Furthermore, the vast majority of participants did not understand the essential concept of end-to-end encryption, limiting their motivation to adopt secure tools.

  • VMware Patches Multiple Security Issues in Workstation
    VMware fixed two bugs in its VMware Workstation late Thursday night, including an insecure library loading vulnerability and a NULL pointer dereference vulnerability. The virtualization software company warned of the issues Thursday night in a security advisory VMSA-2017-0009.

Linux Devices, Tizen, and Android